Well, well... What if it flaps back and forth? :-) -- Marko Milivojevic - CCIE #18427 (SP R&S) Senior CCIE Instructor - IPexpert
On Fri, Oct 12, 2012 at 12:06 AM, vin.ccie29412 <[email protected]> wrote: > peering to an hsrp vip will work , fast hellos can be used to minimise > the swap delay , in all circumstances bgp will flap . > > to have device redundancy to a single upstream pe would sound over spec , > but to a multi node internal external peer would be ideal . A Flap is much > better than total loss of service . > > Regards > > Vin > > > > > On Fri, Oct 12, 2012 at 5:47 AM, Marko Milivojevic <[email protected]>wrote: > >> To be honest, I'm as amused as you are with this :-). I'm in a >> bootcamp for the next three weeks, but I'll for sure give it a >> thorough test when I'm done :-). >> >> I'm guessing it can be made to work, as long as HSRP-side is >> "passive", i.e. not the one initiating connection. Of course, without >> a state exchange between HSRP peers, when there is HSRP failover, BGP >> will flap. This is probably why it's not recommended. >> >> -- >> Marko Milivojevic - CCIE #18427 (SP R&S) >> Senior CCIE Instructor - IPexpert >> >> On Thu, Oct 11, 2012 at 5:16 PM, Nick Bonifacio <[email protected]> >> wrote: >> > There has to be instability issues, right? Flapping, arps and macs >> getting hosed perhaps? >> > >> > *Paging Dr. Marko* >> > >> > >> > ________________________________ >> > From: Tony Singh <[email protected]> >> > To: Nick Bonifacio <[email protected]> >> > Cc: Bob McCouch <[email protected]>; "[email protected]" < >> [email protected]> >> > Sent: Thursday, October 11, 2012 6:13 PM >> > Subject: Re: [OSL | CCIE_RS] Hello team can we make bgp neighbor ship >> HSRP virtual IP ? >> > >> > >> > Good work Nick >> > >> > I'm sure Cisco know this works..? Why do they not recommend it then ... >> > >> > >> > -- >> > BR >> > >> > Tony >> > Sent from my iPhone on 3 >> > >> > On 11 Oct 2012, at 23:06, Nick Bonifacio <[email protected]> wrote: >> > >> > >> > >> >> >> >>R5(config-router)#do sh ip b >> >>*Oct 11 22:09:20.495: %BGP-5-ADJCHANGE: neighbor 10.0.46.1 Down User >> reset >> >>*Oct 11 22:09:20.907: %BGP-5-ADJCHANGE: neighbor 10.0.46.1 Up gp >> >>BGP table version is 16, local router ID is 10.0.46.55 >> >>Status codes: s suppressed, d damped, h history, * valid, > best, i - >> internal, >> >> r RIB-failure, S Stale >> >>Origin codes: i - IGP, e - EGP, ? - incomplete >> >> >> >> >> >> Network Next Hop Metric LocPrf Weight Path >> >>*>i192.46.1.0 10.0.46.1 1234 100 10000 i >> >>*>i192.46.2.0 10.0.46.1 1234 100 10000 i >> >>*>i192.46.3.0 10.0.46.1 1234 100 10000 i >> >>*>i192.46.4.0 10.0.46.1 1234 100 10000 i >> >>*>i192.46.5.0 10.0.46.1 1234 100 10000 i >> >>*>i192.46.6.0 10.0.46.1 1234 100 10000 i >> >>*>i192.46.7.0 10.0.46.1 1234 100 10000 i >> >>*>i192.46.8.0 10.0.46.1 1234 100 10000 i >> >>*>i192.46.9.0 10.0.46.1 1234 100 10000 i >> >>*>i192.46.10.0 10.0.46.1 1234 100 10000 i >> >>*>i192.46.11.0 10.0.46.1 1234 100 10000 i >> >>*>i192.46.12.0 10.0.46.1 1234 100 10000 i >> >>*>i192.46.13.0 10.0.46.1 1234 100 10000 i >> >>*>i192.46.14.0 10.0.46.1 1234 100 10000 i >> >>*>i192.46.15.0 10.0.46.1 1234 100 10000 i >> >>R5(config-router)# >> >> >> >> >> >>i need a fast way to copy and paste prefixes in :) >> >> >> >> >> >>I did manipulate weight, MED... >> >> >> >>________________________________ >> >> From: Tony Singh <[email protected]> >> >>To: Nick Bonifacio <[email protected]> >> >>Cc: Bob McCouch <[email protected]>; "[email protected]" < >> [email protected]> >> >>Sent: Thursday, October 11, 2012 5:54 PM >> >>Subject: Re: [OSL | CCIE_RS] Hello team can we make bgp neighbor ship >> HSRP virtual IP ? >> >> >> >>Take it further see how many prefixes it can handle, check metrics work >> weight local pref med... >> >> >> >>-- >> >>BR >> >> >> >>Tony >> >> >> >>Sent from my iPad >> >> >> >>On 11 Oct 2012, at 22:34, Nick Bonifacio <[email protected]> wrote: >> >> >> >>> I can't believe it, working on real hardware as well: >> >>> >> >>> interface FastEthernet0/0 >> >>> ip address 10.0.46.6 255.255.255.0 >> >>> duplex auto >> >>> speed auto >> >>> standby 0 ip 10.0.46.1 >> >>> >> >>> >> >>> router bgp 456 >> >>> no synchronization >> >>> bgp log-neighbor-changes >> >>> neighbor 10.0.46.55 remote-as 456 >> >>> no auto-summary >> >>> >> >>> >> >>> ------------------------------------------------------------------ >> >>> >> >>> >> >>> interface FastEthernet0/0 >> >>> ip address 10.0.46.55 255.255.255.0 >> >>> duplex >> > auto >> >>> speed auto >> >>> >> >>> >> >>> router bgp 456 >> >>> no synchronization >> >>> bgp log-neighbor-changes >> >>> neighbor 10.0.46.1 remote-as 456 >> >>> no auto-summary >> >>> >> >>> >> >>> R5(config-router)#do sh ip bgp sum >> >>> BGP router identifier 10.0.46.55, local AS number 456 >> >>> BGP table version is 1, main routing table version 1 >> >>> >> >>> Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ >> Up/Down State/PfxRcd >> >>> 10.0.46.1 4 456 5 5 1 0 >> 0 00:03:18 0 >> >>> >> >>> >> >>> R5(config-router)#do sh tcp brief >> >>> TCB Local Address >> > Foreign Address (state) >> >>> 66A1041C 10.0.46.55.39341 10.0.46.1.179 >> ESTAB >> >>> >> >>> >> >>> System image file is "flash:c1841-adventerprisek9-mz.124-24.T7.bin" >> >>> >> >>> >> >>> >> >>> ________________________________ >> >>> From: Nick Bonifacio <[email protected]> >> >>> To: Bob McCouch <[email protected]> >> >>> Cc: "[email protected]" <[email protected]> >> >>> Sent: Thursday, October 11, 2012 8:51 AM >> >>> Subject: Re: [OSL | CCIE_RS] Hello team can we make bgp neighbor ship >> HSRP virtual IP ? >> >>> >> >>> Just what I need, another OCD day. Oh well, I'll be home in about 8 >> hours and will have access to real hardware. I will let everyone know what >> happens. >> >>> >> >>> Nick >> >>> >> >>> Sent from my iPhone >> >>> >> >>> On Oct 11, 2012, at 8:43 AM, Bob McCouch <[email protected]> wrote: >> >>> >> >>>> Interesting. I was also pretty sure that didn't work. At best it would >> >>>> only do a passive open (respond to a TCP syn) no originate the >> >>>> session. >> >>>> >> >>>> Bob >> >>>> -- >> >>>> Sent from my iPhone, please excuse any typos. >> >>>> >> >>>> On Oct 11, 2012, at 8:25 AM, >> > Nick Bonifacio <[email protected]> wrote: >> >>>> >> >>>>> //Disclaimer: I am using GNS3 for this example. >> >>>>> >> >>>>> This is the way I understand it, anyone else feel free to chime in: >> >>>>> >> >>>>> Think update source. >> >>>>> >> >>>>> router bgp 4 >> >>>>> neighbor 10.0.4.5 remote-as 5 >> >>>>> neighbor 10.0.4.5 update-source FastEthernet0/0 >> >>>>> >> >>>>> >> >>>>> interface FastEthernet0/0 >> >>>>> ip address 10.0.4.4 255.255.255.0 >> >>>>> duplex auto >> >>>>> speed auto >> >>>>> standby 0 ip 10.0.4.254 >> >>>>> >> >>>>> how can I create a neighborship by sourcing the standby 0 IP? I >> can't. >> >>>>> >> >>>>> Let's look at router 5 on the other side >> >>>>> >> >>>>> interface >> > FastEthernet0/0 >> >>>>> ip address 10.0.4.5 255.255.255.0 >> >>>>> duplex auto >> >>>>> speed auto >> >>>>> >> >>>>> router bgp 5 >> >>>>> no synchronization >> >>>>> bgp log-neighbor-changes >> >>>>> neighbor 10.0.1.1 remote-as 1 >> >>>>> neighbor 10.0.4.254 remote-as 4 >> >>>>> no auto-summary >> >>>>> >> >>>>> >> >>>>> Let's debug BGP on R4 >> >>>>> >> >>>>> R4(config-router)#no >> >>>>> *Mar 1 00:31:36.267: BGP: 10.0.4.5 passive open to 10.0.4.254 >> >>>>> *Mar 1 00:31:36.271: BGP: 10.0.4.5 passive open failed - 10.0.4.254 >> is not update-source FastEthernet0/0's address (10.0.4.4) >> >>>>> *Mar 1 00:31:36.271: BGP: 10.0.4.5 remote connection attempt >> failed, local address 10.0.4.254 >> >>>>> R4(config-router)#no >> >>>>> *Mar 1 00:31:38.255: BGP: 10.0.4.5 open active, local address >> > 10.0.4.4 >> >>>>> *Mar 1 00:31:38.311: BGP: 10.0.4.5 open failed: Connection refused >> by remote host, open active delayed 26388ms (35000ms max, 28% jitter) >> >>>>> R4(config-router)#no >> >>>>> >> >>>>> ok it is complaining about 10.0.4.254 not being fa0/0's address. >> Fine, I will remove update source fa0/0 >> >>>>> >> >>>>> >> >>>>> >> >>>>> router bgp 4 >> >>>>> no synchronization >> >>>>> bgp log-neighbor-changes >> >>>>> neighbor 10.0.4.2 remote-as 2 >> >>>>> neighbor 10.0.4.3 remote-as 3 >> >>>>> neighbor 10.0.4.5 remote-as 5 >> >>>>> neighbor 10.0.4.5 update-source FastEthernet0/0 >> >>>>> maximum-paths 3 >> >>>>> no auto-summary >> >>>>> >> >>>>> no neighbor 10.0.4.5 update-source FastEthernet0/0 >> >>>>> >> >>>>> BGP: 10.0.4.5 rcvd OPEN w/ remote AS 5 >> >>>>> *Mar 1 >> > 00:33:09.427: BGP: 10.0.4.5 went from OpenSent to OpenConfirm >> >>>>> *Mar 1 00:33:09.427: BGP: 10.0.4.5 send message type 1, length >> (incl. header) 45 >> >>>>> *Mar 1 00:33:09.475: BGP: 10.0.4.5 went from OpenConfirm to >> Established >> >>>>> *Mar 1 00:33:09.475: %BGP-5-ADJCHANGE: neighbor 10.0.4.5 Up >> >>>>> >> >>>>> uh oh, it is working! Interesting.. I am in GNS3 but will lab it up >> at home on real hardware once I get there. This is not the behavior I >> expected. >> >>>>> >> >>>>> R5#sh ip bgp sum >> >>>>> [...] >> >>>>> Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down >> State/PfxRcd >> >>>>> 10.0.1.1 4 1 40 40 2 0 0 00:36:01 >> > 1 >> >>>>> 10.0.4.254 4 4 16 22 2 0 0 00:02:47 >> 1 >> >>>>> >> >>>>> >> >>>>> I also tested it with iBGP and the same behavior occured. I also >> failed over the HSRP address and made another node active as 10.0.4.254 and >> the adjacency did come back up on that router! >> >>>>> >> >>>>> I will try this out on real hardware once I get home and then report >> back. We had tried this in production 2 months ago using ASR1000s and >> could not get it working. >> >>>>> >> >>>>> Nick >> >>>>> >> >>>>> >> >>>>> ________________________________ >> >>>>> From: Samir Idris <[email protected]> >> >>>>> To: Nick Bonifacio <[email protected]> >> >>>>> Cc: Taqdir Singh <[email protected]>; " >> [email protected]" <[email protected]> >> >>>>> Sent: Thursday, October 11, 2012 7:50 AM >> >>>>> Subject: Re: [OSL | CCIE_RS] Hello team can we make bgp neighbor >> ship HSRP virtual IP ? >> >>>>> >> >>>>> >> >>>>> Nick, >> >>>>> >> >>>>> Why cant we source from a virtual IP? Can you shed some light on >> the logic? >> >>>>> >> >>>>> Regards, >> >>>>> Samir. >> >>>>> >> >>>>> On Thursday, October 11, 2012, Nick >> > Bonifacio <[email protected]> wrote: >> >>>>>> Hi Taqdir, >> >>>>>> >> >>>>>> You have to source from a physical interface and cannot source from >> a vIP. Here is a link to "best practice" using HSRP and multihomed BGP >> environments: >> >>>>>> >> >>>>>> >> http://www.cisco.com/en/US/tech/tk365/technologies_configuration_example09186a0080093f2c.shtml >> >>>>>> >> >>>>>> >> >>>>>> Thanks! >> >>>>>> Nick >> >>>>>> >> >>>>>> ________________________________ >> >>>>>> From: Taqdir Singh <[email protected]> >> >>>>>> To: [email protected] >> >>>>>> Sent: Thursday, October 11, 2012 3:16 AM >> >>>>>> Subject: [OSL | CCIE_RS] Hello team can we make bgp neighbor ship >> HSRP virtual IP ? >> >>>>>> >> >>>>>> Hello team can we make bgp neighborship with HSRP virtual IP ? >> >>>>>> _______________________________________________ >> >>>>>> For more information regarding industry leading CCIE Lab training, >> please visit http://www.ipexpert.com/ >> >>>>>> >> >>>>>> Are you a CCNP or CCIE and looking for a job? Check out >> http://www.platinumplacement.com/ >> >>>>>> >> >>>>>> http://onlinestudylist.com/mailman/listinfo/ccie_rs >> >>>>>> _______________________________________________ >> >>>>>> For more information regarding industry leading CCIE Lab training, >> please visit http://www.ipexpert.com/ >> >>>>>> >> >>>>>> Are you a CCNP or CCIE and looking for a job? Check out >> http://www.platinumplacement.com/ >> >>>>>> >> >>>>>> http://onlinestudylist.com/mailman/listinfo/ccie_rs >> >>>>> >> >>>>> -- >> >>>>> Samir Idris >> >>>>> _______________________________________________ >> >>>>> For more information regarding industry leading CCIE Lab training, >> please visit www.ipexpert.com >> >>>>> >> >>>>> Are >> > you a CCNP or CCIE and looking for a job? Check out >> www.PlatinumPlacement.com >> >>>>> >> >>>>> http://onlinestudylist.com/mailman/listinfo/ccie_rs >> >>> _______________________________________________ >> >>> For more information regarding industry leading CCIE Lab training, >> please visit www.ipexpert.com >> >>> >> >>> Are you a CCNP or CCIE and looking for a job? Check out >> www.PlatinumPlacement.com >> >>> >> >>> http://onlinestudylist.com/mailman/listinfo/ccie_rs >> >>> _______________________________________________ >> >>> For more information regarding industry leading CCIE Lab training, >> please visit www.ipexpert.com >> >>> >> >>> Are you a CCNP or CCIE and looking for a job? Check out >> www.PlatinumPlacement.com >> >>> >> >>> http://onlinestudylist.com/mailman/listinfo/ccie_rs >> >> >> >> >> >> >> > _______________________________________________ >> > For more information regarding industry leading CCIE Lab training, >> please visit www.ipexpert.com >> > >> > Are you a CCNP or CCIE and looking for a job? Check out >> www.PlatinumPlacement.com >> > >> > http://onlinestudylist.com/mailman/listinfo/ccie_rs >> _______________________________________________ >> For more information regarding industry leading CCIE Lab training, please >> visit www.ipexpert.com >> >> Are you a CCNP or CCIE and looking for a job? Check out >> www.PlatinumPlacement.com >> >> http://onlinestudylist.com/mailman/listinfo/ccie_rs >> > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > Are you a CCNP or CCIE and looking for a job? Check out > www.PlatinumPlacement.com > > http://onlinestudylist.com/mailman/listinfo/ccie_rs _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com http://onlinestudylist.com/mailman/listinfo/ccie_rs
